Cisco IP Solution Center MPLS VPN User Guide, 3.2 Integrated VPN Management Suite
Index

A

access domain     1-13

ACLs

on the PE-CE link     1-31

role in MPLS security     1-30

address space separation     1-27

allowAS-in option     3-23

attacks, types of     1-29

audience, for guide     xxv

autonomous system (AS) number

number of occurrences in AS path     3-23

autonomous systems, spanning     11-1

auto-pick route target values     3-7

B

backbone carrier

definition     9-1

BGP     1-13, 3-22

allowAS-in option     3-23

AS number for CE's network     3-23

community attribute     1-33

dampening     1-30

neighbor allowAS-in value     3-23

neighbor AS-override option     3-23

RDs and RTs     1-24

redistribute connected routes     3-23

redistributing protocols into BGP     3-23

route-target communities     1-25

security features     1-33

Border Gateway Protocol. See BGP

C

cable services

cable-CE, creating     8-6

CMTS     8-4

DOCSIS     8-4

maintenance subinterface, provisioning     8-6

MSO     8-4

primary IP address range     8-5

redistributing connected routes recommended     3-33

redistributing static routes     3-33

secondary IP address range     8-5

specifying no routing protocol     3-33

carrier supporting carrier. See CSC.

CE

BGP AS number for     3-23

cable-CE, creating     8-6

default routes to     3-16

description of     1-11

extra loopback address     3-14

managed CE considerations     7-2

and MCE     7-5, 7-10

OSPF process ID     3-26

routing context table     1-32

unmanaged CEs     7-1

CERC     3-35

auto-pick route target values     3-7

creating new CERC     3-5

default CERC created automatically     3-3

full mesh     1-27

overview     1-25, 3-3

route target values, entering     3-7

CERC not initialized     C-5

closed state     4-2

CMTS     8-4

CNS 2100 Series Intelligence Engine

Wait Deployed state     C-4

collection server     1-4, 1-12, A-2, A-13

collection zones

assigning devices to     A-15

defining     A-13

devices assigned, list of     A-16

confederation     11-8

configuration files

editing     4-34

security requirement     1-32

viewing     4-34

connected routes, redistributing     3-21, 3-24, 3-28, 3-32

crypto key generate rsa command     A-4

CSC

creating a Service Request     9-5

defining a Service Policy     9-5

definition     9-1

using MPLS     9-2

customer carrier

as a BGP/MPLS service provider     9-3

definition     9-1

D

dampening     1-30

Data Over Cable Service Interface Specifications. See DOCSIS

default information originate option     3-17

default routes     3-18

default routes to CE     3-16

denial-of-service attack     1-29

deployed state     4-2

deploying service requests     4-28

device access algorithm     4-4

Device Configuration Service (DCS)     C-1

DOCSIS     8-4

document organization     xxvi

documents, related     xxvii

download order for devices, specifying     C-6

E

EBGP     3-22

edge device routers

access algorithm     4-4

SNMP, setting up     A-4

editable attributes     3-8

EIGRP     3-29

metrics     3-30

encapsulations for each interface type     3-12

Ethernet-To-The-Home     10-9

export route map

defining name of     3-34

extranets     1-22

F

Failed Audit state     C-4

failed audit state     4-3

failed deploy state     4-3

file descriptor limit, fixing problem with     A-3

Frame Relay

IETF encapsulation     3-12

full mesh topology     1-27

definition     1-25

G

gateway of last resort     3-18

Generic Transport Library (GTL)     C-1

H

hub-and-spoke topology     1-26

definition     1-25

hub route target     3-5

I

iBGP     3-22

IGP route label     11-6

import route map

defining name of     3-34

in-band connection     7-4

inter-autonomous systems

benefits     11-2

confederation     11-8

IGP route label     11-6

neighbor next-hop-self command     11-4

overview     11-1

redistribute connected command     11-6

redistribute connected subnets command     11-4

routing between AS's     11-3

VPN route label     11-6

interfaces

cable maintenance subinterface, provisioning     8-6

encapsulations available     3-12

IP numbered     3-14

loopback, using existing number     3-15

subinterface numbers, how chosen by VPNSC     8-5

supported interfaces     3-11

Internet Service Provider. See ISP

intranets     1-22

intrusion attack     1-29

invalid state     4-3

Inventory and Connection Manager     3-2

IP address

keeping IP addresses on CE and PE intact     C-6

IP addresses     3-8

automatically assigned     3-14

IP numbered with extra CE loopback     3-14

and network security     1-34

numbered     3-14

primary IP address range     8-5

secondary IP address range     8-5

unnumbered     3-14

VPN-IPv4 address     1-27, 3-35

in VPNs     1-13

IP address pools

and automatically assigned addresses     3-14

on the PE-CE link     3-8

and regions     3-15

IP Solution Center

collection server     1-12, A-2

device access algorithm     4-4

enabling TFTP     A-9

network management subnet     1-12, A-2

processing server     1-12, A-2

servers, status of     C-3

setting ISC workstation as TFTP server     A-11

IP Solution Center

file descriptor limit     A-3

ISP     8-5

secondary IP address range     8-5

J

jitter probes, enabling SA Agent for     A-7

L

label spoofing     1-31

LDP authentication     1-32

login command     A-4

login shell file     A-3

loopback

extra loopback address on CE     3-14

interface number, using existing     3-15

and IP unnumbered addressing scheme     3-14

SR ID not included     3-15

loopback address missing     C-6

lost state     4-3

M

managed CE

considerations     7-2

Management CE. See MCE

Management PE. See MPE

management route map     7-6

management VPN     1-12, 7-5, A-2

and export route map     3-34

and management route map     7-6

PE-CE links, provisioning     7-18

redistribute connected routes required     3-17

topology     7-6, 7-9

maximum number of routes into VRF     3-35

MCE     7-5, 7-10

MPE     7-5, 7-9

and shadow CE     7-5

MPLS services

provisioning workflow     C-1

MPLS VPNs     1-20

address space separation     1-27

CERCs in     1-25

characteristics     1-21

connectivity between     1-32

default routes to CE     3-16

extranets     1-22

implementation techniques     7-4

in-band connection     7-4

intranets     1-22

management VPN     7-5

multiple VPNs merged into a single VPN     1-33

out-of-band VPN     7-5

principal technologies     1-21

route-target communities     1-25

routing protocols     3-16

routing separation     1-28

service requests, defining     4-6, 4-13, 4-21, 7-12, 8-6, 8-11

VRF forwarding table     1-32

MPLS VPN Solution

management VPN, implementing     7-9

security requirements     1-27

MSO

domain     8-4

primary IP address range     8-5

multicast

data MDT size     3-4

data MDT threshold     3-4

enabling     3-4

multicast domain (MD)     3-4, 4-4

multicast VRF     3-4, 4-4

multiple VPNs merged into a single VPN     1-33

Multi-VRF CE

data path     1-19

description of     1-18

switches for     A-2

switch supported for     1-18

unlike a CE     1-19

MVRFCE PE-CE Link

creating a Service Policy     2-48, 6-6

creating a Service Request     6-18

defining a VPN     2-45, 6-4

overview     6-1

MVRFCE PE-NoCE Link

creating a Service Policy     6-12

creating a Service Request     6-27

N

neighbor allowAS-in value     3-23

neighbor AS-override option     3-23

neighbor next-hop-self command     11-4

network layer reachability information. See NLRI

network management subnet     1-12, A-2

management VPN technique     7-6, 7-9

out-of-band technique     7-7

NLRI     1-21

NPC

Ring Topology     10-2

O

OSPF     3-25

area number on PE     3-26

connected routes, redistributing     3-26

process ID on CE     3-26

process ID on PE     3-26

out-of-band technique     7-5, 7-7

out-of-memory error     C-4

P

PE

description of     1-18

export route map     3-34

import route map     3-34

and MPE     7-5, 7-9

OSPF area number     3-26

OSPF process ID     3-26

PE-CE Link

creating a Service Policy     5-6

creating a Service Request     5-14

defining a VPN     5-3

PE-CE link

for management VPN     7-18

routing protocols for     3-16

security considerations     1-31

static route for IP unnumbered scheme     3-14

static route provisioning     3-17

PE-CLE

Ring Topology     10-2

pending state     4-3

PE-NoCE Link

creating a Service Policy     5-10

creating a Service Request     5-21

point-to-point address pool     3-14

POS interface     3-13

primary IP address range     8-5

processing server     1-4, 1-12, A-2

provisioning

cable maintenance subinterface     8-6

Provisioning.Service.mpls.saveDebugData property     C-5

Provisioning driver (ProvDrv)     C-1

R

RD

allocate new RD     3-35

description of     1-24

in hub-and-spoke environments     1-26

overwriting default RD value     3-35

role in routing separation     1-28

redistribute connected     3-21, 3-24, 3-28, 3-32

redistribute connected command     11-6

redistribute connected subnets command     11-4

redistribution of IP routes     3-16

redistribution of routing information     3-19

regions

IP address pools     3-15

related documents

ISC     xxvii

requested state     4-4

Ring Topology     10-1

configuring Ring Topology     10-4

NPC     10-2

PE-CLE     10-2

RIP

default route to CE     3-18

giving only default routes to CE     3-19

hop counts     3-19

metrics     3-19

redistributing connected routes     3-19

redistributing OSPF routes to a PE     3-21, 3-24, 3-28, 3-32

redistributing static routes     3-19

route provisioning     3-19

route distinguisher     3-35

route distinguisher. See RD

route map

export     3-34

import     3-34

routers

access algorithm     4-4

redistribute connected     3-21, 3-24, 3-28, 3-32

redistribution     3-19

routing context table     1-32

SA Agent, enabling for jitter probes     A-7

SSH, setting up     A-3

VRF forwarding table     1-32

route target. See RT

route-target communities     1-25

routing context table     1-32

routing protocols

defining for PE-CE link     3-16

redistribute connected     3-21, 3-24, 3-28, 3-32

redistribution     3-19

securing     1-29

routing separation     1-28

RT

description of     1-24

entering RT values in CERC definition     3-7

rtr responder, enabling     A-7

S

SA Agent

enabling on edge devices for jitter probes     A-7

secondary IP address range     8-5

Secure Shell. See SSH     A-2

security considerations

address space and routing separation     1-27

connectivity between VPNs     1-32

denial-of-service attack     1-29

hiding the MPLS core structure     1-28

intrusion attack     1-29

label spoofing     1-31

PE-CE link     1-31

security level in SNMPv3     A-5

security model in SNMPv3     A-5

security requirements for MPLS VPNs     1-27

servers

status of     C-3

wdclient status command     C-3

multi-VRF CE

in service provider network     1-12

service module     C-2

service operator     3-1, 3-7

service policy     3-1, 3-7

CERC membership     3-35

editable attributes     3-8

editor     3-7

entering values     3-8

interface attributes     3-11

owner     3-9

types of service policies available     3-10

VRF and VPN information     3-34

service requests

defining     4-6, 4-13, 4-21, 7-12, 8-6, 8-11

deploying     4-28

RD value, overwriting     3-35

service policy     3-1, 3-7

states     4-2

templates, enabling     3-35

VRF name, overwriting     3-35

shadow CE

and Management PE     7-5

site of origin     4-4

SNMP

rtr responder, enabling     A-7

security level     A-5

security model     A-5

setting SNMP community strings on routers     A-4

version 3 configuration     A-5

SNMPv3

object characteristics     A-6

spoke route target     3-5

SSH

generate crypto keys for     A-4

setting up on routers     A-3

state

closed     4-2

deployed     4-2

failed audit     4-3

failed deploy     4-3

invalid     4-3

lost     4-3

pending     4-3

requested     4-4

states of service requests     4-2

static route provisioning     3-17

created for IP unnumbered link     3-14

default information originate option     3-17

giving default routes to CE     3-17

redistributing connected routes     3-17

subinterface numbers, how chosen by VPNSC     8-5

T

task does not execute     C-3

templates

enabling for service policy     3-35

terminal server

Telnet sessions, setting appropriate number     A-8

TFTP

setting ISC workstation as TFTP server     A-11

using instead of Telnet     A-9

time zones

supported     A-8

troubleshooting

file descriptor limit, fixing problem with     A-3

U

unmanaged CEs     7-1

unmanaged MVRFCE

overview     2-1

select management type     2-15

unnumbered IP addresses     3-14

V

VLAN

ID, automatically set by ISC     3-13

VLAN ID pool and access domain     C-5

VPN

auto-pick route target values     3-7

route label     11-6

VPN-IPv4 address     1-27, 3-35, 11-11

VPN route forwarding table. See VRF

VPN route label     11-6

VPNs

creating     3-1

multicast routing     3-4

VRF     1-21

configuration commands     1-24

description     3-35

elements of     1-22

export route map, defining name of     3-34

implementation considerations     1-23

import route map, defining name of     3-34

maximum routes in     3-35

multicast VRF     3-4, 4-4

naming convention     1-22

overwriting VRF name     3-35

and route-target communities     1-25

and routing separation     1-28

subinterface associated with     8-5

VRF forwarding table     1-32

W

Wait Deployed state     C-3

WAN interfaces

loopback, using existing loopback number     3-15

wdclient command     C-3